Bug 48129 – 02_certificate_check check for certificate exported by apache (ucs-root-ca.crt) is unhelpful

Bug 48129 - 02_certificate_check check for certificate exported by apache (ucs-root-ca.crt) is unhelpful


Summary:	02_certificate_check check for certificate exported by apache (ucs-root-ca.cr...

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	UMC - System diagnostic
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-11-09 14:41 CET by Jürn Brodersen
Modified:	2021-05-14 16:38 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.137
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018092721000521, 2020072021000391
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jürn Brodersen

2018-11-09 14:41:25 CET

02_certificate_check check for certificate exported by apache (ucs-root-ca.crt) is unhelpful

If the certificate exported by the apache server (/var/www/ucs-root-ca.crt) can not be verified, only the temporary filename for the downloaded certificate is shown. The temporary file is deleted after the test.

Without knowing the source of the check it is not possible to know which certificate has a problem.

Comment 1 Christina Scheinig

2018-11-09 14:49:23 CET

This message is more confuding then helpful for the customer:

Kritisch: Überprüfe Gültigkeit der SSl Zertifikate

Abgelaufenes Zertifikat '/tmp/tmplF7qjY' gefunden.
Ungültiges Zertifikat '/tmp/tmplF7qjY' gefunden:
error /tmp/tmplF7qjY: verification failed

Comment 2 Ingo Steuwer

2019-11-18 16:59:08 CET

Which certificates / files are checked in this test?

If it is only the ucs-root.ca.crt it would be sufficient to have a better message. If we actually check different certificate files we need more information in the message.

Comment 3 Christian Völker

2020-08-13 13:24:19 CEST

This makes troubleshooting difficult as we do not know which certificate is wrong or expired (well, not without knowing this bug).

Comment 4 Ingo Steuwer

2021-05-14 16:38:03 CEST

This issue has been filed against UCS 4.3.

UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.